Merge OpenBSM 1.1 changes to the FreeBSD 8.x kernel:

- Add and use mapping of fcntl(2) commands to new BSM constant space.
- Adopt (int) rather than (long) arguments to a number of auditon(2)
  commands, as has happened in Solaris, and add compatibility code to
  handle the old comments.

Note that BSM_PF_IEEE80211 is partially but not fully removed, as the
userspace OpenBSM 1.1alpha5 code still depends on it.  Once userspace
is updated, I'll GCC the kernel constant.

MFC after:		2 weeks
Sponsored by:		Apple, Inc.
Obtained from:		TrustedBSD Project
Portions submitted by:	sson

sys/bsm/audit.h

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2005 Apple Inc.
+ * Copyright (c) 2005-2009 Apple Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26,21 +26,15 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#5
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit.h#9
  * $FreeBSD$
  */
 
-#ifndef _BSM_AUDIT_H
+#ifndef	_BSM_AUDIT_H
 #define	_BSM_AUDIT_H
 
-#ifdef	__APPLE__
-/* Temporary until rdar://problem/6133383 is resolved. */
-#include <sys/types.h>
 #include <sys/param.h>
-#include <sys/socket.h>
-#include <sys/cdefs.h>
-#include <sys/queue.h>
-#endif /* __APPLE__ */
+#include <sys/types.h>
 
 #define	AUDIT_RECORD_MAGIC	0x828a0f1b
 #define	MAX_AUDIT_RECORDS	20
@@ -101,20 +95,20 @@
 /*
  * auditon(2) commands.
  */
-#define	A_GETPOLICY	2
-#define	A_SETPOLICY	3
+#define	A_OLDGETPOLICY	2
+#define	A_OLDSETPOLICY	3
 #define	A_GETKMASK	4
 #define	A_SETKMASK	5
-#define	A_GETQCTRL	6
-#define	A_SETQCTRL	7
+#define	A_OLDGETQCTRL	6
+#define	A_OLDSETQCTRL	7
 #define	A_GETCWD	8
 #define	A_GETCAR	9
 #define	A_GETSTAT	12
 #define	A_SETSTAT	13
 #define	A_SETUMASK	14
 #define	A_SETSMASK	15
-#define	A_GETCOND	20
-#define	A_SETCOND	21
+#define	A_OLDGETCOND	20
+#define	A_OLDSETCOND	21
 #define	A_GETCLASS	22
 #define	A_SETCLASS	23
 #define	A_GETPINFO	24
@@ -126,6 +120,12 @@
 #define	A_SETKAUDIT	30
 #define	A_SENDTRIGGER	31
 #define	A_GETSINFO_ADDR	32
+#define	A_GETPOLICY	33
+#define	A_SETPOLICY	34
+#define	A_GETQCTRL	35
+#define	A_SETQCTRL	36
+#define	A_GETCOND	37
+#define	A_SETCOND	38
 
 /*
  * Audit policy controls.
@@ -216,7 +216,6 @@ struct auditpinfo {
 	au_mask_t	ap_mask;	/* Audit masks. */
 	au_tid_t	ap_termid;	/* Terminal ID. */
 	au_asid_t	ap_asid;	/* Audit session ID. */
-	u_int64_t	ap_flags;	/* Audit session flags. */
 };
 typedef	struct auditpinfo	auditpinfo_t;
 
@@ -226,15 +225,12 @@ struct auditpinfo_addr {
 	au_mask_t	ap_mask;	/* Audit masks. */
 	au_tid_addr_t	ap_termid;	/* Terminal ID. */
 	au_asid_t	ap_asid;	/* Audit session ID. */
+	u_int64_t	ap_flags;	/* Audit session flags. */
 };
 typedef	struct auditpinfo_addr	auditpinfo_addr_t;
 
 struct au_session {
 	auditinfo_addr_t	*as_aia_p;	/* Ptr to full audit info. */
-#define	as_asid			as_aia_p->ai_asid
-#define	as_auid			as_aia_p->ai_auid
-#define	as_termid		as_aia_p->ai_termid
-
 	au_mask_t		 as_mask;	/* Process Audit Masks. */
 };
 typedef struct au_session       au_session_t;
@@ -245,13 +241,22 @@ typedef struct au_session       au_session_t;
 typedef	struct au_token	token_t;
 
 /*
- * Kernel audit queue control parameters.
+ * Kernel audit queue control parameters:
+ * 			Default:		Maximum:
+ * 	aq_hiwater:	AQ_HIWATER (100)	AQ_MAXHIGH (10000) 
+ * 	aq_lowater:	AQ_LOWATER (10)		<aq_hiwater
+ * 	aq_bufsz:	AQ_BUFSZ (32767)	AQ_MAXBUFSZ (1048576)
+ * 	aq_delay:	20			20000 (not used) 
  */
 struct au_qctrl {
-	size_t	aq_hiwater;
-	size_t	aq_lowater;
-	size_t	aq_bufsz;
-	clock_t	aq_delay;
+	int	aq_hiwater;	/* Max # of audit recs in queue when */
+				/* threads with new ARs get blocked. */ 
+
+	int	aq_lowater;	/* # of audit recs in queue when */
+				/* blocked threads get unblocked. */
+
+	int	aq_bufsz;	/* Max size of audit record for audit(2). */
+	int	aq_delay;	/* Queue delay (not used). */
 	int	aq_minfree;	/* Minimum filesystem percent free space. */
 };
 typedef	struct au_qctrl	au_qctrl_t;
@@ -308,6 +313,13 @@ int	getaudit(struct auditinfo *);
 int	setaudit(const struct auditinfo *);
 int	getaudit_addr(struct auditinfo_addr *, int);
 int	setaudit_addr(const struct auditinfo_addr *, int);
+
+#ifdef __APPLE_API_PRIVATE
+#include <mach/port.h>
+mach_port_name_t audit_session_self(void);
+au_asid_t	 audit_session_join(mach_port_name_t port);
+#endif /* __APPLE_API_PRIVATE */
+
 #endif /* defined(_KERNEL) || defined(KERNEL) */
 
 __END_DECLS

sys/bsm/audit_kevents.h

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2005 Apple Inc.
+ * Copyright (c) 2005-2009 Apple Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26,13 +26,19 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#5
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_kevents.h#6
  * $FreeBSD$
  */
 
 #ifndef _BSM_AUDIT_KEVENTS_H_
 #define	_BSM_AUDIT_KEVENTS_H_
 
+/*
+ * The reserved event numbers for kernel events are 1...2047 and 43001..44900.
+ */
+#define	AUE_IS_A_KEVENT(e)	(((e) > 0 && (e) < 2048) || 	\
+    				 ((e) > 43000 && (e) < 45000))
+
 /*
  * Values marked as AUE_NULL are not required to be audited as per CAPP.
  *
@@ -589,6 +595,8 @@
 #define	AUE_FSGETPATH		43191	/* Darwin. */
 #define	AUE_PREAD		43192	/* Darwin/FreeBSD. */
 #define	AUE_PWRITE		43193	/* Darwin/FreeBSD. */
+#define	AUE_FSCTL		43194	/* Darwin. */
+#define	AUE_FFSCTL		43195	/* Darwin. */
 
 /*
  * Darwin BSM uses a number of AUE_O_* definitions, which are aliased to the
@@ -674,12 +682,10 @@
 #define	AUE_CSOPS		AUE_NULL
 #define	AUE_DUP			AUE_NULL
 #define	AUE_FDATASYNC		AUE_NULL
-#define	AUE_FFSCTL		AUE_NULL
 #define	AUE_FGETATTRLIST	AUE_NULL
 #define	AUE_FGETXATTR		AUE_NULL
 #define	AUE_FLISTXATTR		AUE_NULL
 #define	AUE_FREMOVEXATTR	AUE_NULL
-#define	AUE_FSCTL		AUE_NULL
 #define	AUE_FSETATTRLIST	AUE_NULL
 #define	AUE_FSETXATTR		AUE_NULL
 #define	AUE_FSTATFS64		AUE_NULL

sys/bsm/audit_record.h

@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2005-2008 Apple Inc.
+ * Copyright (c) 2005-2009 Apple Inc.
  * All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
@@ -26,7 +26,7 @@
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
  * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  *
- * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#9
+ * P4: //depot/projects/trustedbsd/openbsm/sys/bsm/audit_record.h#10
  * $FreeBSD$
  */
 
@@ -286,10 +286,12 @@ token_t	*au_to_zonename(const char *zonename);
  */
 int	 au_bsm_to_domain(u_short bsm_domain, int *local_domainp);
 int	 au_bsm_to_errno(u_char bsm_error, int *errorp);
+int	 au_bsm_to_fcntl_cmd(u_short bsm_fcntl_cmd, int *local_fcntl_cmdp);
 int	 au_bsm_to_socket_type(u_short bsm_socket_type,
 	    int *local_socket_typep);
 u_short	 au_domain_to_bsm(int local_domain);
 u_char	 au_errno_to_bsm(int local_errno);
+u_short	 au_fcntl_cmd_to_bsm(int local_fcntl_command);
 u_short	 au_socket_type_to_bsm(int local_socket_type);
 
 __END_DECLS

sys/conf/files

@@ -2528,6 +2528,7 @@ security/audit/audit_arg.c	optional audit
 security/audit/audit_bsm.c	optional audit
 security/audit/audit_bsm_domain.c	optional audit
 security/audit/audit_bsm_errno.c	optional audit
+security/audit/audit_bsm_fcntl.c	optional audit
 security/audit/audit_bsm_klib.c	optional audit
 security/audit/audit_bsm_socket_type.c	optional audit
 security/audit/audit_bsm_token.c	optional audit

sys/security/audit/audit.c

@@ -129,8 +129,8 @@ struct mtx		audit_mtx;
  * outstanding in the system.
  */
 struct kaudit_queue	audit_q;
-size_t			audit_q_len;
-size_t			audit_pre_q_len;
+int			audit_q_len;
+int			audit_pre_q_len;
 
 /*
  * Audit queue control settings (minimum free, low/high water marks, etc.)

sys/security/audit/audit_bsm.c

@@ -287,13 +287,20 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
 	struct au_token *tok;
 
 	switch (ar->ar_arg_cmd) {
+	case A_OLDSETPOLICY:
+		if ((size_t)ar->ar_arg_len == sizeof(int64_t)) {
+			tok = au_to_arg32(3, "length", ar->ar_arg_len);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "policy",
+			    ar->ar_arg_auditon.au_policy64);
+			kau_write(rec, tok);
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_SETPOLICY:
-		if (sizeof(ar->ar_arg_auditon.au_flags) > 4)
-			tok = au_to_arg64(1, "policy",
-			    ar->ar_arg_auditon.au_flags);
-		else
-			tok = au_to_arg32(1, "policy",
-			    ar->ar_arg_auditon.au_flags);
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
+		tok = au_to_arg32(1, "policy", ar->ar_arg_auditon.au_policy);
 		kau_write(rec, tok);
 		break;
 
@@ -306,20 +313,42 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
 		kau_write(rec, tok);
 		break;
 
+	case A_OLDSETQCTRL:
+		if ((size_t)ar->ar_arg_len == sizeof(au_qctrl64_t)) {
+			tok = au_to_arg32(3, "length", ar->ar_arg_len);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setqctrl:aq_hiwater",
+			    ar->ar_arg_auditon.au_qctrl64.aq64_hiwater);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setqctrl:aq_lowater",
+			    ar->ar_arg_auditon.au_qctrl64.aq64_lowater);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setqctrl:aq_bufsz",
+			    ar->ar_arg_auditon.au_qctrl64.aq64_bufsz);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setqctrl:aq_delay",
+			    ar->ar_arg_auditon.au_qctrl64.aq64_delay);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setqctrl:aq_minfree",
+			    ar->ar_arg_auditon.au_qctrl64.aq64_minfree);
+			kau_write(rec, tok);
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_SETQCTRL:
 		tok = au_to_arg32(3, "setqctrl:aq_hiwater",
 		    ar->ar_arg_auditon.au_qctrl.aq_hiwater);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setqctrl:aq_lowater",
+		tok = au_to_arg32(2, "setqctrl:aq_lowater",
 		    ar->ar_arg_auditon.au_qctrl.aq_lowater);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setqctrl:aq_bufsz",
+		tok = au_to_arg32(2, "setqctrl:aq_bufsz",
 		    ar->ar_arg_auditon.au_qctrl.aq_bufsz);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setqctrl:aq_delay",
+		tok = au_to_arg32(2, "setqctrl:aq_delay",
 		    ar->ar_arg_auditon.au_qctrl.aq_delay);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setqctrl:aq_minfree",
+		tok = au_to_arg32(2, "setqctrl:aq_minfree",
 		    ar->ar_arg_auditon.au_qctrl.aq_minfree);
 		kau_write(rec, tok);
 		break;
@@ -334,34 +363,47 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
 		break;
 
 	case A_SETSMASK:
-		tok = au_to_arg32(3, "setsmask:as_success",
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
+		tok = au_to_arg32(2, "setsmask:as_success",
 		    ar->ar_arg_auditon.au_auinfo.ai_mask.am_success);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setsmask:as_failure",
+		tok = au_to_arg32(2, "setsmask:as_failure",
 		    ar->ar_arg_auditon.au_auinfo.ai_mask.am_failure);
 		kau_write(rec, tok);
 		break;
 
+	case A_OLDSETCOND:
+		if ((size_t)ar->ar_arg_len == sizeof(int64_t)) {
+			tok = au_to_arg32(3, "length", ar->ar_arg_len);
+			kau_write(rec, tok);
+			tok = au_to_arg64(2, "setcond",
+			    ar->ar_arg_auditon.au_cond64);
+			kau_write(rec, tok);
+			break;
+		}
+		/* FALLTHROUGH */
 	case A_SETCOND:
-		if (sizeof(ar->ar_arg_auditon.au_cond) > 4)
-			tok = au_to_arg64(3, "setcond",
-			    ar->ar_arg_auditon.au_cond);
-		else
-			tok = au_to_arg32(3, "setcond",
-			    ar->ar_arg_auditon.au_cond);
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
+		tok = au_to_arg32(3, "setcond", ar->ar_arg_auditon.au_cond);
 		kau_write(rec, tok);
 		break;
 
 	case A_SETCLASS:
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
 		tok = au_to_arg32(2, "setclass:ec_event",
 		    ar->ar_arg_auditon.au_evclass.ec_number);
 		kau_write(rec, tok);
-		tok = au_to_arg32(3, "setclass:ec_class",
+		tok = au_to_arg32(2, "setclass:ec_class",
 		    ar->ar_arg_auditon.au_evclass.ec_class);
 		kau_write(rec, tok);
 		break;
 
 	case A_SETPMASK:
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
 		tok = au_to_arg32(2, "setpmask:as_success",
 		    ar->ar_arg_auditon.au_aupinfo.ap_mask.am_success);
 		kau_write(rec, tok);
@@ -371,6 +413,8 @@ audit_sys_auditon(struct audit_record *ar, struct au_record *rec)
 		break;
 
 	case A_SETFSIZE:
+		tok = au_to_arg32(3, "length", ar->ar_arg_len);
+		kau_write(rec, tok);
 		tok = au_to_arg32(2, "setfsize:filesize",
 		    ar->ar_arg_auditon.au_fstat.af_filesz);
 		kau_write(rec, tok);
@@ -847,12 +891,13 @@ kaudit_to_bsm(struct kaudit_record *kar, struct au_record **pau)
 		break;
 
 	case AUE_FCNTL:
+		if (ARG_IS_VALID(kar, ARG_CMD)) {
+			tok = au_to_arg32(2, "cmd",
+			    au_fcntl_cmd_to_bsm(ar->ar_arg_cmd));
+			kau_write(rec, tok);
+		}
 		if (ar->ar_arg_cmd == F_GETLK || ar->ar_arg_cmd == F_SETLK ||
 		    ar->ar_arg_cmd == F_SETLKW) {
-			if (ARG_IS_VALID(kar, ARG_CMD)) {
-				tok = au_to_arg32(2, "cmd", ar->ar_arg_cmd);
-				kau_write(rec, tok);
-			}
 			FD_VNODE1_TOKENS;
 		}
 		break;